CVE-2014-2045

Name of the Vulnerable Software and Affected Versions: Viprinet Multichannel VPN Router 300 (affected versions not specified)

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various parameters, including the username when logging in or creating an account, hostname, inspect parameter in the config module, commands parameter in the atcommands tool, or host parameter in the ping tool.

Recommendations: For the Viprinet Multichannel VPN Router 300, consider disabling the login and account creation features in the old and new interfaces until a patch is available. Restrict access to the config module, atcommands tool, and ping tool to minimize the risk of exploitation. Avoid using the vulnerable parameters, such as username, hostname, inspect, commands, and host, in the affected interfaces and tools until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.